Cryptography Reference
In-Depth Information
Attacks on Passwords
We have met some attacks on passwords already in our travels, such as
password sniffing (see page 199); the birthday attack (see page 252); spoofing (see
page 305); and the dictionary attack (see Footnote 5.2 on page 201). Moreover,
there is also password-cracking software available. Some of these we saw only
in passing, so we expand our discussion here.
There are attacks based upon the aforementioned human laziness in choosing
passwords. Mallory understands these human weaknesses and exploits them in
a group of attack methods known collectively as social engineering attacks (see
page 394).
There are several attacks Mallory may employ to gain access to sensitive
information as follows.
Packet Sniffers
A packet sniffer is a program that monitors, captures, and analyzes network
traffic, or databases (legitimately or illegitimately). For instance, a database
might be (illegitimately) scrutinized by Mallory to detect passwords. If he is
successful at gaining access to a system-level password, Mallory can create a
new account that can be used at will as a back door to get into the network and
its resources, including the altering of core system files, such as the password
for the system administrator account, the list of server services and permissions,
and the login information for other machines, containing critically confidential
information. This could create chaos since the daily workings of the network are
up for grabs, and Mallory's network packet sniffer can be modified to include his
information or change system information in a network packet, forcing network
connections to behave erratically, at best.
Packet sniffers can also be used legitimately as follows. A snoop server is
a server that uses a packet sniffer to capture network traffic for analysis. For
example, an employer might want to use a snoop server to monitor the WWW
sites visited by their employees.
Snoop servers typically operate in promiscuous mode, which is a networking
mode allowing a network device (a unit of removable hardware), to access all
packets, irrespective of their target addresses. In this manner, a snoop server
for instance, can seize any data packet, copy, and store it to a file for later
analysis and reporting. For example, the Sun operating system, Solaris, has a
feature called the snoop command permitting administrators to capture packets
with an attendant packet description or summary. However, this also permits
intruders (running the Solaris OS), to scrutinize the traffic over the network.
In general, a promiscuous mode is used for legitimate monitoring of network
activity. This might involve the performance of diagnostic testing to try
to resolve such problems as bottlenecks in the flow of traffic, or general
troubleshooting to identify a variety of performance problems. Modern sniffers can
be configured to automatically alert administrators when a performance problem
is triggered by some preset standard, which they set as a local bound.
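
An added example, not from the book: a defender-side check for the promiscuous mode described above, listing which interfaces on a host currently have it enabled. It assumes a Linux host, where each interface's flags are exposed as hexadecimal text in /sys/class/net/<iface>/flags; the function names and the sample-tree helper are illustrative.

```python
"""Report network interfaces whose IFF_PROMISC flag is set (Linux sysfs)."""
import os

IFF_UP = 0x1         # interface is administratively up (linux/if.h)
IFF_PROMISC = 0x100  # interface receives all packets (linux/if.h)


def read_flags(sysfs_net, iface):
    """Return the interface flags as an int, or None if unreadable/malformed."""
    path = os.path.join(sysfs_net, iface, "flags")
    try:
        with open(path) as fh:
            return int(fh.read().strip(), 16)
    except (OSError, ValueError):
        # Non-interface entries (plain files) and garbage content land here.
        return None


def promiscuous_interfaces(sysfs_net="/sys/class/net"):
    """Return sorted [(iface, is_up)] for interfaces in promiscuous mode."""
    found = []
    try:
        names = os.listdir(sysfs_net)
    except OSError:
        return found  # not a Linux host, or sysfs not mounted
    for iface in sorted(names):
        flags = read_flags(sysfs_net, iface)
        if flags is not None and flags & IFF_PROMISC:
            found.append((iface, bool(flags & IFF_UP)))
    return found


def build_sample_tree(root, flag_values):
    """Create a constructed sysfs-like tree from {iface: flags-file text}."""
    for iface, text in flag_values.items():
        os.makedirs(os.path.join(root, iface))
        with open(os.path.join(root, iface, "flags"), "w") as fh:
            fh.write(text)


if __name__ == "__main__":
    for iface, is_up in promiscuous_interfaces():
        print(f"{iface}: promiscuous mode ({'up' if is_up else 'down'})")
```

An interface reported here that no administrator put into promiscuous mode is worth investigating, since it is the state a sniffer needs in order to see traffic addressed to other hosts.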
A packet sniffer can be configured to store copies of packets in memory or